bin/88655: /bin/tcsh ls-F : Floating exception (core dumped)

Tue Nov 8 03:10:17 PST 2005

>Number:         88655
>Category:       bin
>Synopsis:       /bin/tcsh ls-F : Floating exception (core dumped)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 08 11:10:14 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     TOMITA Yoshinori
>Release:        6.0-STABLE
>Organization:
>Environment:
FreeBSD ohinoki 6.0-STABLE FreeBSD 6.0-STABLE #5: Tue Nov  8 15:19:16 JST 2005     yoshin-t at ohinoki:/usr/obj/a/fahrenheit/export/fahrenheit/FreeBSD/RELENG_6/src/sys/GENERIC  i386
>Description:
tcsh 6.14.00 of FreeBSD 6-STABLE will crash by ls-F built-in command.
If login shell is /bin/tcsh, this results in unintentional logout.

GDB stack trace:

-----------------------------------------------------
(gdb) where
#0  0x0806e947 in print_by_column (dir=0x80b9b94, items=0x8167c08, count=331, 
    no_file_suffix=1)
    at /usr/src/bin/csh/../../contrib/tcsh/tw.parse.c:2071
#1  0x0806d993 in tw_list_items (looking=4, numitems=331, list_max=0)
    at /usr/src/bin/csh/../../contrib/tcsh/tw.parse.c:1394
#2  0x0806e107 in t_search (word=0x80b9b94, wp=0x0, command=LIST, 
    max_word_length=0, looking=4, list_max=80, pat=0x80b9b94, suf=0)
    at /usr/src/bin/csh/../../contrib/tcsh/tw.parse.c:1706
#3  0x0808119b in dolist (v=0x8135cbc, c=0x81677e8)
    at /usr/src/bin/csh/../../contrib/tcsh/tc.func.c:251
#4  0x08056a2d in func (t=0x81677e8, bp=0x80909e0)
    at /usr/src/bin/csh/../../contrib/tcsh/sh.func.c:152
#5  0x08065ab7 in execute (t=0x81677e8, wanttty=50551, pipein=0x0, 
    pipeout=0x0, do_glob=1)
    at /usr/src/bin/csh/../../contrib/tcsh/sh.sem.c:650
#6  0x08065dd3 in execute (t=0x81652a8, wanttty=50551, pipein=0x0, 
    pipeout=0x0, do_glob=1)
    at /usr/src/bin/csh/../../contrib/tcsh/sh.sem.c:721
#7  0x0804d081 in process (catch=1)
    at /usr/src/bin/csh/../../contrib/tcsh/sh.c:2180
#8  0x0804bd8b in main (argc=0, argv=0xbfbfeb74)
    at /usr/src/bin/csh/../../contrib/tcsh/sh.c:1362
-----------------------------------------------------

signal comes from tw.parse.c:

    columns = TermH / maxwidth;		/* PWP: terminal size change */
                    ^^^^^^^^^^^

There are cases when maxwidth == 0 !!!

maxwidth is computed by ...

maxwidth = max(maxwidth, (unsigned int) NLSStringWidth(items[i]));

and NLSStringWidth() is defined in tc.nls.c

int
NLSStringWidth(Char *s)
{
    int w = 0;
    while (*s)
	w += wcwidth(*s++);
    return w;
}

wcwidth() returns -1 when char is not printable depending LANG.
If LANG is not matched with coding set used as filenames,
wcwidth() will return -1.

So, int NLSStringWidth() might return negative value such as -1 or -2.
As a result, the next sentence in tw.parse.c

maxwidth += no_file_suffix ? 1 : 2;	/* for the file tag and space */

makes maxwidth=0.


>How-To-Repeat:
% /bin/tcsh
% cd /SOMEWHERE
% ls-F
Floating exception (core dumped)

This problem occurs for example,

  1. charset of filename is ja_JP.eucJP
  2. LANG is not ja_JP.eucJP
  3. run ls-F

This is not only the case.
>Fix:
Here is a tiny patch. This worked for me so far.

-----------------------------------------------------

--- tc.nls.c.org	Tue Nov  8 14:13:22 2005
+++ tc.nls.c	Tue Nov  8 14:04:54 2005
@@ -89,8 +89,10 @@
 NLSStringWidth(Char *s)
 {
     int w = 0;
-    while (*s)
-	w += wcwidth(*s++);
+    while (*s) {
+      int tmp = wcwidth(*s++);
+      w += (tmp>0) ? tmp : 0;
+    }
     return w;
 }
 
-----------------------------------------------------

there are some other places where wcwidth() seems to be used incorrectly.


>Release-Note:
>Audit-Trail:
>Unformatted:
